
Unified Endpoint Management: A Cure for Heartbleed and other IT Ills

By ISBuzz Team | May 4, 2015 | Updated: July 4, 2024 | 7 Mins Read

Just over a year ago, the Heartbleed bug snagged headlines and stirred up fear across cyberspace. Present since 2011 and known to hackers well before it was publicly identified last year, Heartbleed allowed attackers to access server memory and snatch encryption/decryption keys. Close on Heartbleed’s heels was Bash/Shellshock, a vulnerability in the wild for 25 years, and nipping in close behind was Poodle (Padding Oracle On Downgraded Legacy Encryption), a vulnerability with a bite to match its bark. In total, tens of millions of records were put at risk, with 4.5 million patient records compromised via a single incident in which the Heartbleed bug was exploited at Community Health Systems.

After a maelstrom of publicity related to the big-name bugs of 2014, one might think that a year later IT would have sufficiently battened down the hatches and bolstered the relevant defenses. While organizations have taken steps to improve protection against some of these security holes, several recent research reports indicate that many, maybe even most, corporations still remain vulnerable. In fact, one recent report claims that just 3% of companies have performed complete fixes for Heartbleed, while 85% of Global 2000 companies’ external servers remain vulnerable to cyberattacks and compromise from Heartbleed alone.

In the 2015 edition of its annual Data Breach Investigations Report, Verizon noted that 99.9% of exploited vulnerabilities had been compromised more than a year after being published in the Common Vulnerabilities and Exposures (CVE) system. Consistent with these findings, the HP Cyber Risk Report 2015 identified known, unpatched vulnerabilities and misconfigurations amongst its top two themes leading to cyber risk and breaches in 2014.

Part of this failure to plug security holes and achieve compliance points to fundamental kinks in IT’s endpoint management tool set.

Disjointed Endpoint Management Approach Undermines Defenses and Hinders Attack Response

Today, a single organization may use anywhere from several to more than a dozen tools to manage endpoint functions (patching, configuration, OS updates, visibility and reporting, etc.), platforms (Windows, Mac, Linux, etc.), and endpoint types (servers, PCs, tablets, smartphones, and industry-specific devices, such as ATMs, point of sale (POS) devices, and kiosks).

In practice, a larger number of tools correlates with higher complexity, more labor-intensive IT administration, and a higher likelihood of inconsistent or incomplete policy enforcement, such as with regard to patching or updating firmware or security services. IT teams are recognizing that this is an untenable situation that not only creates vulnerabilities on its own, but overstretches IT workers, leaving them unable to respond, home in on issues, and troubleshoot in a timely manner, particularly in those instances when time matters most.

Simplicity is an IT admin’s best friend, whether you’re talking unified threat management (UTM) in the network security space or, more recently, the rapidly emerging unified endpoint management (UEM) category. The need for a single unified solution across all endpoints is acute and rapidly gaining traction, though right now there are a limited number of truly integrated solutions on the market.

With that said, here are three fundamental ways that UEM helps dramatically improve security hygiene and compliance, and is helping reshape IT:

  1. Consolidation of endpoint tools and functions

The fewer tools IT needs to learn and manage, the easier the onboarding and administrative process becomes. The ability to rule all of the disparate endpoints across a distributed enterprise provides a substantial productivity boost to IT admins, who can manage endpoints more effectively, and frees up time to pursue other business goals.

Misconfigurations, particularly server and other endpoint misconfigurations, continue to be a leading culprit for the creation of vulnerabilities, providing inroads for malware and hackers to perpetrate massive numbers of breaches every year. Misconfigured endpoints can also trip up how an organization functions in other ways, leading to suboptimal performance or downtime that affects end users or customers.

At some enterprises, different endpoint management tools may be managed by different teams. Having one tool, and one team managing that tool, can dramatically help improve policy administration and enforcement, while also reducing manual errors and misconfigurations.

  2. Automated policy alignment, self-healing, patching, and more

Most IT admins have big plates—with a lot piled on them. That’s why tools that deliver high-levels of automation that reduce manual processes are in such high demand.

An oft-cited reason that many organizations were overwhelmed by Heartbleed and other attacks was that the IT processes needed to push patches once the vulnerability was known, and the tools needed to respond once an infection occurred, were too manual, fragmented, and complex. This is why it’s essential to have patching and device configuration processes and self-healing capabilities that are as highly automated, unified, and streamlined as possible. A UEM solution is better poised to seamlessly deliver automation due to higher integration levels.

The most advanced endpoint solutions employ desired state automation, which ensures all endpoints are maintained in a policy-defined “desired state.” If, for instance, an employee uses their BYOD device off the company grid and the device falls out of compliance (e.g. misses a firmware update, is jailbroken, or acquires malware), the self-healing capabilities initiated by the automation enforce necessary updates (configuration, patching, etc.) to ensure the device is brought to its desired state of policy compliance before it can regain access to corporate resources and pose a network risk.
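The desired-state loop described above can be sketched as follows. This is an added example, not code from the article or from any UEM product; the policy values, field names, and the assumption that a jailbreak has no automated fix are hypothetical.

```python
from dataclasses import dataclass, field
# Hypothetical policy and field names, chosen for illustration only.
POLICY = {"min_firmware": (14, 2, 0)}

@dataclass
class Device:
    name: str
    firmware: tuple
    jailbroken: bool = False
    malware_detected: bool = False
    access_granted: bool = False
    log: list = field(default_factory=list)

# Each check returns True when the device matches the desired state.
CHECKS = {
    "firmware": lambda d: d.firmware >= POLICY["min_firmware"],
    "jailbroken": lambda d: not d.jailbroken,
    "malware": lambda d: not d.malware_detected,
}

def _update_firmware(d):
    d.firmware = POLICY["min_firmware"]
def _clean_malware(d):
    d.malware_detected = False
# Assumption: a jailbreak has no automated fix and needs manual re-enrolment.
REMEDIATIONS = {"firmware": _update_firmware, "malware": _clean_malware}

def drift(device):
    """Names of the policy checks the device currently fails."""
    return [name for name, ok in CHECKS.items() if not ok(device)]

def reconcile(device):
    """Self-heal what can be fixed; grant access only with zero drift left."""
    device.access_granted = False  # quarantined until proven compliant
    for item in drift(device):
        fix = REMEDIATIONS.get(item)
        if fix:
            fix(device)
        device.log.append(("remediated:" if fix else "manual:") + item)
    remaining = drift(device)  # re-evaluate instead of trusting the fixes
    device.access_granted = not remaining
    return remaining

if __name__ == "__main__":
    # Constructed sample devices returning from off-network use.
    stale = Device("byod-01", firmware=(13, 9, 1), malware_detected=True)
    rooted = Device("byod-02", firmware=(14, 2, 0), jailbroken=True)
    for d in (stale, rooted):
        print(d.name, reconcile(d), d.access_granted, d.log)
```

The access decision is taken from a second evaluation after remediation, so a device whose drift cannot be fixed automatically stays quarantined rather than being readmitted on the strength of an attempted fix.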

On top of this, automation of real-time alerts and reports on policy violations and non-compliance can also help make IT more responsive and effective in handling any threats.

  3. Holistic Visibility & Integrated Reporting

A mantra of the InfoSec community is “visibility is security”—and this definitely captures a big slice of the security truth. The more tools and teams an organization relies on to manage its various endpoints, the more fragmented and “dumb” any reporting data will be. By having a consolidated view of all endpoints and management functions, organizations can reap the benefits of real, integrated business intelligence at an unprecedented level.

With integrated reporting across an organization comes the potential to reveal significant trends that might otherwise escape unnoticed when viewed through the lens of various point products, siloed amongst various teams. A holistic view makes for smart IT, helping IT to drastically improve security and compliance posture and enabling them to make well-calculated decisions on how to react to risks in real time. For hackers, it is that much harder to hit a moving target.

UEM Paving the Way to Smarter Endpoint Security & Compliance

The vast majority of breached organizations are victims of opportunity—and not pre-identified targets of hackers. The efficacy of a multi-layered collection of the most sophisticated security technologies in the world will be significantly undermined if the technologies are not configured properly, or updated as needed. A more unified and automated endpoint management approach condenses the attack surface for hackers and shortens the window where a potential exploit, such as an APT or zero day attack, can cause damage, while accelerating the response and recovery process.

With so much on the line and new technologies entering enterprises all the time, a highly automated and unified endpoint management foundation can mean the difference between a finely tuned and agile enterprise, versus one that is frequently interrupted by manual processes, overwhelmed by complexity, and undone by disaster.

By Matt Miller, Senior Manager, Marketing Communications at Accelerite


BIO:
Matt Miller is Senior Manager, Marketing Communications at Accelerite. His experience and interests traverse cybersecurity, cloud / virtualization, economics, information governance, and risk management. He is also an avid homebrewer (working towards his Black Belt in beer) and writer.

About Accelerite

Accelerite is a global product company that delivers enterprise solutions for endpoint management, cloud, and mobility to organizations of all sizes, from small businesses to Fortune 500 enterprises. Through its award-winning partner program and partnerships with HP and Dell, Accelerite helps organizations solve business-critical IT problems. Accelerite is the products business of Persistent Systems (BSE & NSE: PERSISTENT), a global leader in software product development and technology services, with 8,000 team members worldwide.


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
